14.12.2016 21:08, Rafael Akchurin wrote:
>
> Hello everyone,
>
> After pulling all my hair out and reading every possible howto on the
> Internet for Cisco ASA integration with Squid using WCCP I have
> decided to write my own. The how to is at
> https://docs.diladele.com/tutorials/web_filter_https_squid_cisco_wccp/index.html.
> Please note it is aimed at those with minimal admin skills and
> contains every single step thoroughly described (mostly for myself not
> to forget anything).
>
> May I get your opinions/ideas if what is written is good enough for
> the novice admin?
>
> Moreover several questions remain:
>
> 1. Does Squid perform fake CONNECT requests with SNI info instead
> of raw IP like I am seeing now?
>
> 2. Why HTTPS redirection only works with “wccp2_service_info 70
> protocol=tcp flags=*dst_ip_hash* priority=240 ports=443” (all other
> flags from wccp configuration section in squid.conf do not work).

Because the ASA is a router. Cisco routers use HASH as the assignment method.

> 3. How to bypass connections from workstations to specific remote
> sites by FQDN on Cisco ASA?

In fact this will occur by IP anyway. Cisco devices do a DNS lookup and save the IPs in the config instead of the FQDN.

> 4. Or maybe it is better to exclude them (3) from SSL bump on
> Squid using ssl::server_name by splicing?

Depends on your requirements.

> Thanks in advance for everyone who responds.
>
> Best regards,
> Rafael Akchurin
> Diladele B.V.
>
> --
> Please take a look at Web Safety - our ICAP based web filter server
> for Squid proxy at https://www.diladele.com
>
> _______________________________________________
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
-- Cats - delicious. You just do not know how to cook them.
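A squid.conf fragment illustrating points 2 and 4 of the thread, added here as an example and not taken from the original messages or from the linked tutorial. The router address and the domain names are placeholders, and the fragment assumes an intercepting https_port with ssl-bump is already configured elsewhere in squid.conf.

```conf
# --- WCCPv2 towards the Cisco ASA (point 2) ---
# 192.0.2.1 is a placeholder for the ASA interface that speaks WCCP.
wccp2_router 192.0.2.1

# The reply above says the ASA uses hash assignment, so ask for hash
# rather than mask, and use GRE for forwarding and return.
wccp2_assignment_method hash
wccp2_forwarding_method gre
wccp2_return_method gre

# Dynamic service group 70 carries redirected HTTPS (TCP/443).
# The wccp2_service_info line is the one quoted in the thread.
wccp2_service dynamic 70
wccp2_service_info 70 protocol=tcp flags=dst_ip_hash priority=240 ports=443

# --- Excluding sites from SSL bump by server name (point 4) ---
# Peek at the TLS ClientHello first so the SNI is available to ACLs.
acl step1 at_step SslBump1

# Placeholder domains: sites that must not be decrypted.
# A leading dot matches the domain and all of its subdomains.
acl no_bump_sites ssl::server_name .example.com .example.net

ssl_bump peek step1
# Spliced connections are tunnelled untouched: Squid does not present
# its own certificate and does not see the plaintext.
ssl_bump splice no_bump_sites
# Everything else is bumped (decrypted and re-encrypted).
ssl_bump bump all
```

Splicing on Squid matches on the name the client sent in the SNI, while a bypass on the ASA, as the reply notes, ends up matching on whatever IP addresses the name resolved to when the ASA looked it up.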